Cloud computing is rapidly changing the Internet into a collection of clouds, which provide a variety of computing resources, storage resources, and, in the future, a variety of resources that are currently unimagined.
However, enterprises still face many issues when migrating data to the cloud environment. For example, raw storage that traditionally was always within the controlled environment of the enterprise has now moved, in many cases, to a cloud provider's environment. In a cloud-controlled environment, many individual entities (people, other software services, malicious hackers and, most importantly, the cloud provider's storage device or controller itself, etc.) have access to the raw storage. In other words, storage is placed in an environment where the true owner of that storage does not really know who is obtaining physical access to it.
Consider two scenarios where storage has moved from an enterprise to a cloud environment. In the first scenario, an enterprise chooses to make use of the storage infrastructure provided by a storage cloud provider; the enterprise applications remain within the enterprise environment, but the storage is accessed remotely over a high-bandwidth connection. In the second scenario, an enterprise chooses to deploy its services within a cloud environment, and both the enterprise applications and the storage are within the cloud environment. In both scenarios, it would be extremely advantageous for the cloud provider to guarantee the enterprise that the data written into remote cloud storage is written by the enterprise and not by any other entity.
In fact, many cloud providers have Service Level Agreements (SLAs) with enterprises, which include the guaranteed availability of their data and services, but not guaranteed non-repudiation of storage data modification. The main issue stems from the fact that the remote storage infrastructure consists of storage controllers (storage appliances that sit in front of the raw storage), which accommodate multiple enterprises (multi-tenancy). Without storage non-repudiation capabilities at the remote storage controllers of the cloud storage infrastructure, enterprises are reluctant to embrace the use of cloud storage for sensitive and confidential data.
As an enticement to increase remote storage participation, some vendors offer encryption as a mechanism for providing non-repudiation of storage data. The encryption technique requires that the enterprise applications manage the encryption keys. Non-repudiation is then provided because only the application that owns the private key can read or write the data; hence, if the data is modified, it must have been the application (or tenant) that wrote it. This technique imposes a significant performance cost on the processing of data. The data also becomes useless when the private keys are lost by the application or when the data needs to be moved to another cloud provider's premises.
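To make the property described above concrete, the following is an added example (not code from the original text or from any vendor's product): a toy multi-tenant storage controller in Go that holds only each tenant's public key and accepts a block write only when it carries a signature made with that tenant's private key, so that any modification of a block is attributable to the key holder. The example uses signatures (crypto/ed25519 from Go's standard library) rather than the encryption the text describes, so that the attribution property can be shown on its own; the `Controller`, `Block`, `SignedWrite` and `Corrupt` names, the tenant ids and the block contents are all constructed for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Block is a stored unit together with the tenant signature that makes the
// write attributable to that tenant (hypothetical structure for this example).
type Block struct {
	TenantID string
	Data     []byte
	Sig      []byte
}

// Controller models a multi-tenant storage controller. It knows each tenant's
// public key only, so it can verify a tenant's writes but never forge them.
type Controller struct {
	pubKeys map[string]ed25519.PublicKey
	blocks  map[string]Block // keyed by block name
}

// ErrUnauthorized is returned for any write not signed by the block's tenant.
var ErrUnauthorized = errors.New("write not signed by the block's tenant")

func NewController() *Controller {
	return &Controller{pubKeys: map[string]ed25519.PublicKey{}, blocks: map[string]Block{}}
}

func (c *Controller) RegisterTenant(id string, pub ed25519.PublicKey) {
	c.pubKeys[id] = pub
}

// digest binds the tenant id and the block name into the signed message, so a
// valid signature cannot be replayed for another tenant or another block.
func digest(tenantID, name string, data []byte) []byte {
	h := sha256.New()
	h.Write([]byte(tenantID))
	h.Write([]byte{0})
	h.Write([]byte(name))
	h.Write([]byte{0})
	h.Write(data)
	return h.Sum(nil)
}

// SignedWrite is the tenant-side step: only the holder of priv can produce it.
func SignedWrite(tenantID string, priv ed25519.PrivateKey, name string, data []byte) Block {
	return Block{TenantID: tenantID, Data: data, Sig: ed25519.Sign(priv, digest(tenantID, name, data))}
}

// Write stores a block only if its signature verifies under the key of the
// tenant named in the request and, for an existing block, that tenant is the
// current owner. Everything else is rejected, whoever submitted it.
func (c *Controller) Write(name string, b Block) error {
	pub, ok := c.pubKeys[b.TenantID]
	if !ok {
		return ErrUnauthorized
	}
	if existing, found := c.blocks[name]; found && existing.TenantID != b.TenantID {
		return ErrUnauthorized
	}
	if !ed25519.Verify(pub, digest(b.TenantID, name, b.Data), b.Sig) {
		return ErrUnauthorized
	}
	c.blocks[name] = b
	return nil
}

// Read re-verifies the stored signature, so bytes changed by anyone without the
// tenant's private key (including the storage device itself) are detected.
func (c *Controller) Read(name string) (Block, error) {
	b, ok := c.blocks[name]
	if !ok {
		return Block{}, errors.New("no such block")
	}
	if !ed25519.Verify(c.pubKeys[b.TenantID], digest(b.TenantID, name, b.Data), b.Sig) {
		return Block{}, errors.New("stored block fails verification: modified outside the tenant")
	}
	return b, nil
}

// Corrupt models an entity with raw-storage access rewriting bytes without any
// tenant key; it deliberately bypasses Write to simulate that threat.
func (c *Controller) Corrupt(name string, data []byte) {
	b := c.blocks[name]
	b.Data = data
	c.blocks[name] = b
}

func main() {
	ctrl := NewController()
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	pubB, privB, _ := ed25519.GenerateKey(rand.Reader)
	ctrl.RegisterTenant("tenant-A", pubA)
	ctrl.RegisterTenant("tenant-B", pubB)

	// Constructed sample write by tenant A, then an attempted overwrite by B.
	fmt.Println("A writes:     ", ctrl.Write("vol1/blk0", SignedWrite("tenant-A", privA, "vol1/blk0", []byte("ledger v1"))))
	fmt.Println("B overwrites: ", ctrl.Write("vol1/blk0", SignedWrite("tenant-B", privB, "vol1/blk0", []byte("ledger v2"))))
	// Bytes changed with raw-storage access are caught on the next read.
	ctrl.Corrupt("vol1/blk0", []byte("ledger v1 (tampered)"))
	_, err := ctrl.Read("vol1/blk0")
	fmt.Println("read after tamper:", err)
}
```

Because the controller never holds a private key, a verified block can only have been produced by the tenant that owns the key, which is the non-repudiation property the text attributes to the encryption approach. The same design also exhibits the cost the text mentions: every write is signed and every read is verified by the tenant's key material, and a tenant that loses its private key can no longer produce accepted writes (with encryption, as in the text, it could no longer read the data either).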
Thus, if an enterprise does not want to suffer performance degradation when accessing its remote storage and/or does not want to manage its own keys, a cloud provider presently lacks the technology to ensure and prove that only the proper tenant is modifying the enterprise's data. As a result, enterprises have not fully embraced outsourcing the management of their storage to remote environments.